Google Git
Sign in
android / platform / external / sepolicy / abf31acb01f85ade4b97b05f9893d270b915b7b6
commitabf31acb01f85ade4b97b05f9893d270b915b7b6[log] [tgz]
authordcashman <dcashman@google.com>Fri Feb 05 15:13:36 2016 -0800
committerdcashman <dcashman@google.com>Fri Feb 05 15:16:51 2016 -0800
tree3bb46bba26d54c25c3bb813fc4c30c287a90404a
parent35a145143076ceee50f387025d8cb3c62e62569e [diff]
Allow domain to read proc dirs.

Ability to read all of proc was placed in domain_deprecated with the
intention of reducing information leaking from proc.  Many processes try
to read proc dirs, though.  Allow this with the belief that information
leakage is from the proc files themselves rather than dir structure.

Address the following denial:
avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0

Bug: 26833472
Change-Id: I975ae022c093e1cf80de21487dc11e49f938e5a3
1 file changed
tree: 3bb46bba26d54c25c3bb813fc4c30c287a90404a
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. binderservicedomain.te
  9. blkid.te
  10. blkid_untrusted.te
  11. bluetooth.te
  12. bluetoothdomain.te
  13. bootanim.te
  14. bootstat.te
  15. clatd.te
  16. CleanSpec.mk
  17. debuggerd.te
  18. device.te
  19. dex2oat.te
  20. dhcp.te
  21. dnsmasq.te
  22. domain.te
  23. domain_deprecated.te
  24. drmserver.te
  25. dumpstate.te
  26. file.te
  27. file_contexts
  28. file_contexts_asan
  29. fingerprintd.te
  30. fs_use
  31. fsck.te
  32. fsck_untrusted.te
  33. gatekeeperd.te
  34. genfs_contexts
  35. global_macros
  36. gpsd.te
  37. hci_attach.te
  38. healthd.te
  39. hostapd.te
  40. idmap.te
  41. init.te
  42. initial_sid_contexts
  43. initial_sids
  44. inputflinger.te
  45. install_recovery.te
  46. installd.te
  47. ioctl_macros
  48. isolated_app.te
  49. kernel.te
  50. keys.conf
  51. keystore.te
  52. lmkd.te
  53. logd.te
  54. mac_permissions.xml
  55. mdnsd.te
  56. mediaserver.te
  57. mls
  58. mls_macros
  59. MODULE_LICENSE_PUBLIC_DOMAIN
  60. mtp.te
  61. net.te
  62. netd.te
  63. neverallow_macros
  64. nfc.te
  65. NOTICE
  66. perfprofd.te
  67. platform_app.te
  68. policy_capabilities
  69. port_contexts
  70. ppp.te
  71. priv_app.te
  72. property.te
  73. property_contexts
  74. racoon.te
  75. radio.te
  76. README
  77. recovery.te
  78. rild.te
  79. roles
  80. runas.te
  81. sdcardd.te
  82. seapp_contexts
  83. security_classes
  84. service.te
  85. service_contexts
  86. servicemanager.te
  87. sgdisk.te
  88. shared_relro.te
  89. shell.te
  90. slideshow.te
  91. su.te
  92. surfaceflinger.te
  93. system_app.te
  94. system_server.te
  95. te_macros
  96. tee.te
  97. toolbox.te
  98. tzdatacheck.te
  99. ueventd.te
  100. uncrypt.te
  101. untrusted_app.te
  102. update_engine.te
  103. update_verifier.te
  104. users
  105. vdc.te
  106. vold.te
  107. watchdogd.te
  108. wpa.te
  109. zygote.te